Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 41

Thread: Low level format

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Many of those hard drive-manufacturer applications only write over the drive once with ones and zeros.
    Yes, that is what they are intended to do prior to reinstalling an OS. However, they boot from media and overwrite the whole drive.

    My comment on MS applications (cipher) is that they run from within Windows, so Windows must be loaded and booted. That means it has created a page file, log files, temporary files and God knows what. Those are not classed as "unused" and are not overwritten.

    My methodology would be:

    1. Run CCleaner (3 passes)
    2. Tweak the Registry to empty the page file on shutdown.
    3. Reboot from a CD and run a utility like eraser to wipe the unused space (which will now include the page file you just emptied )

    The real problem with Windows is getting rid of stuff that it is using, like the index and page files. CCleaner submits a job to do some of this on next bootup, but does not clear the page file.

    If I am recycling/redeploying I just use Darik's Boot & Nuke (dban) launched from removable media. This wipes everything, including BillyWindoze Actually, you need to do that because it could be illegal to dispose of a machine with one of your corporate licenced copies of Windows on it. Certainly selling it to a third party would be.

    For simple repair/re-installations I only overwrite once, and prefer to use the HDD manufacturer's software, as that generally checks for drive problems at the same time............. no point reinstalling onto a borked drive?

  2. #12
    Member
    Join Date
    May 2008
    Posts
    34
    I think you're trying too hard to find flaws in it. Ok, you say that there are indexes and a page file, but why would there be on a second drive that's added to the machine? There's nothing to index. Windows uses whatever directory is allocated as a page file. It doesn't just start adding page file space to every hard drive that is added to the system. Perhaps you're confused in thinking that people will only ever be trying to delete their system drive? Do you realize how easy it is to insert a second drive, even if it has Windows installed on it, and delete the entire drive, including indexes and page file space?

    Besides, remember that we're talking about making data unrecoverable. The primary reason for trying these solutions is to find out which one is best. I can guarantee you that three passes with Cipher will be better than one pass with any other garbage. lol

    As far as indexes go, who really cares if there are indexes pointing to files and folders that no longer exist, even if you were just trying to do this to a system drive? You can also set Windows to not use a page file at all. This would then allow you to overwrite it completely. What's more is that the page file only stores what would be stored in memory, but obviously there was not enough RAM to handle it. I suppose you could have a sensitive file stored there, but then we can still wipe it out if we turn off page file.

    The awesome part is that you don't have to reboot in order to take care of it. You can multi-task, rather than just sitting and waiting for a silly third-party app to get finished hogging your entire machine.
    Last edited by itPro; May 31st, 2008 at 06:15 PM.

  3. #13
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    i've used cipher on numerous occasions, especially when your working on a system that does not have internet access or if hardware has been locked down.
    Instead of mucking around enabling optical drives etc you can just go straight into a Dos Prompt type a few commands and it's taken care off.

    Off course disabling system restore and doing a restart and turning of paging comes in handy.

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Go here and get this:

    http://www.systenance.com/

    Index.dat Analyzer

    I think you're trying too hard to find flaws in it.
    Why? anything that runs in Windows is flawed by definition, because Windows has booted, recorded information, and locked files.

    but why would there be on a second drive that's added to the machine?
    Because Windows gets up to all sorts of things behind your back Also, I am not assuming more than one drive or partition.

    Do you realize how easy it is to insert a second drive, even if it has Windows installed on it, and delete the entire drive, including indexes and page file space?
    Obviously not................ I guess that I don't have enough experience.

    I can tell you that it is a lot more difficult than just booting from CD/DVD or floppy though. That is my entire point regarding loading the operating system first. Windows applications cannot be relied upon in this matter.

    As far as indexes go, who really cares if there are indexes pointing to files and folders that no longer exist
    Please use Google and research a product called "eNcase" I think that this might give you a better insight.

    You can also set Windows to not use a page file at all.
    OH! REALLY? booting Windows 98SE are we?

    You cannot "turn off" paging file in Windows XP. Also, why would you want to (assuming that you have even the vaguest idea of how the Windows operating system works?).

    If you set the Registry to delete the pagefile contents on shutdown, and follow the steps I suggested in an earlier post, you will be OK. Trust me, I have worked to finance and defence sector requirements for over 20 years............ I do know the rules.

    You can multi-task, rather than just sitting and waiting for a silly third-party app to get finished hogging your entire machine.
    Have you really read this post? You don't need to "multitask" when you are deleting data.............. in particular when you are wiping a whole disk.


  5. #15
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I always liked BC Wipe v3. Been running it for years. It installs on any version
    of Windows, even Vista (couldn't believe it). Wipe free space, slack space, swap
    files. Also encrypts swap files.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I think we are getting slightly confused here, the OP's original request was:

    I am trying to get a list of the best low level DoD standard format tools...
    Which implies to me that he wants to wipe an entire drive to military security standards.

    I do not believe that there is anything that runs from within Windows that will do that. It has to run from a different drive to be compliant. The easiest way to do that is to boot from a floppy, CD or USB and run the application from there.

    Sure, if you want to preserve the OS and wipe everything else, then you would take a different approach and use tools like BC Wipe and Eraser. Now, whilst you can use the same number of passes and methodology with these tools they would not be compliant because you are not wiping everything.

    The reason I suggested Eraser is it has an option to create a bootable Nuking disk.

    A straight disk wiper is here:

    http://www.roadkil.net/program.php?ProgramID=14

  7. #17
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    Quote Originally Posted by nihil
    Obviously not................ I guess that I don't have enough experience.

    OH! REALLY? booting Windows 98SE are we?

    You cannot "turn off" paging file in Windows XP. Also, why would you want to (assuming that you have even the vaguest idea of how the Windows operating system works?).

    Trust me, I have worked to finance and defence sector requirements for over 20 years............ I do know the rules.

    Have you really read this post? You don't need to "multitask" when you are deleting data.............. in particular when you are wiping a whole disk.

    Does anybody else get a kick outta witnessing nihil put someone in their place?
    ._._._.
    I know I do!
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*

  8. #18
    Member
    Join Date
    May 2008
    Posts
    34

    Wink

    Quote Originally Posted by nihil
    Go here and get this:

    http://www.systenance.com/

    Index.dat Analyzer
    Why would I go to the trouble of downloading a third party app when Cipher can already handle it? 0.o

    Why? anything that runs in Windows is flawed by definition, because Windows has booted, recorded information, and locked files.
    That sounds like a Linux/Unix fanboy spouting nonsense to me...

    Because Windows gets up to all sorts of things behind your back
    Behind my back? I am well aware of how to get rid of anything that I don't want traced, so what would I care about them recording things that can help applications run more efficiently?

    Also, I am not assuming more than one drive or partition.
    Your computer only has one hard drive? Are you living in the stone ages?

    Obviously not................ I guess that I don't have enough experience.

    I can tell you that it is a lot more difficult than just booting from CD/DVD or floppy though. That is my entire point regarding loading the operating system first. Windows applications cannot be relied upon in this matter.
    LMAO Easier than plugging in a SATA drive, eh? You can even plug them in while it's running, depending on your setup. I guess you didn't factor in getting the CD or even having to create the CD... silly...

    Please use Google and research a product called "eNcase" I think that this might give you a better insight.
    Yet another product? I wasted my time going to the first site, so why don't you just tell me about this one?

    OH! REALLY? booting Windows 98SE are we?

    You cannot "turn off" paging file in Windows XP. Also, why would you want to (assuming that you have even the vaguest idea of how the Windows operating system works?).
    Owned... http://img71.imageshack.us/my.php?image=ownedzg0.jpg Now that we all know who the computer expert is here, I wonder if I should even continue.

    If you set the Registry to delete the pagefile contents on shutdown, and follow the steps I suggested in an earlier post, you will be OK. Trust me, I have worked to finance and defence sector requirements for over 20 years............ I do know the rules.
    You do realize that you can just click the radio button, right, rather than telling everyone to edit their registry? lol I guess you do now... You should probably consider retiring...

    Have you really read this post? You don't need to "multitask" when you are deleting data.............. in particular when you are wiping a whole disk.
    Do you honestly sit there and wait for the machine to finish, or do you use another machine? Either way you answer here, I again win...



    Does anybody else get a kick outta witnessing nihil put someone in their place?
    I'm still waiting to see it. It looks to me as if Nihil doesn't know much about Windows at all...

    I do not believe that there is anything that runs from within Windows that will do that. It has to run from a different drive to be compliant. The easiest way to do that is to boot from a floppy, CD or USB and run the application from there.
    I guess that you didn't know that Windows could do it? rofl
    http://img176.imageshack.us/my.php?image=owned2uq8.jpg

    I guess you're living in a fantasy world where you can only have a system drive on your computer and that drive is one big system partition... Those snap-in SATA cables are just so easy! =)

    Which implies to me that he wants to wipe an entire drive to military security standards.
    The one pass you mentioned that you do earlier would hardly be considered military-level security.
    Last edited by itPro; June 3rd, 2008 at 09:45 PM.

  9. #19
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well that wasn't really my intention.

    From what Briz212 was asking it sounds like he is doing some research maybe even a project.

    It would be advisable to keep it as realistic as possible IMO. A few years ago I was involved with wiping some 800 computers at our Electronic Warfare & Countermeasures Division. Naturally that had to be done to our MoD standards.

    We could do them 20 at a time so just made 20 floppies with the wiping software on it and booted from those. Can you imagine unscrewing, removing the hard drive, slaving it to another computer then reassembling the original PC 800 times

    I just checked Win2000 and that won't let you set a zero swap file either.

    In the days of 9x if you changed the pagefile setting to manually chosen and fixed, it created a new file in windows\system\ or the root directory. That meant that you could wipe the old file which might have sensitive data. That doesn't work with 2000 and XP.

  10. #20
    Member
    Join Date
    May 2008
    Posts
    34
    As a programmer, I can tell you that it would be just as easy to run a script 20 times in order to wipe 20 hard drives at once. You would just be opening 20 instances of the command prompt. If you could do 20 machines at once and those 20 machines could connect to 3 extra drives each, then you could cipher 60 drives at once, rather than 20. I'm assuming that since you say you worked for the military that you obviously had a legitimate IT department and things such as network storage devices and monetary resources that could be put toward useful devices.

    That script, in the form of a batch file, could also easily run the cipher script. You wouldn't even have to alter any registry keys, if you added the drives to a network storage device or even to another computer that booted from another drive. If you compare rebooting every machine with a special disc that you have to interact with to removing the hard drive and sticking it in a hot-swappable storage device, I think it would be faster to remove the hard drive. You wouldn't really be doing 20 at once, if you had to sit down at each machine in order to interact with the program that wipes it.

    With Altiris, deploying software is as easy as drag-and-drop, so you could technically wipe your entire organization at once, let alone only 800 machines.

    As for slaving the drives, I haven't found that to be necessary with my SATA drives. Older PATA systems are probably more of a pain, however.

    With all of this said, however, we still have to go back to the original question. He really just wanted to hear examples of software packages that could be used to make data unrecoverable. Cipher is great at doing that, regardless of the steps it requires. Obviously every method requires a process, and it's all a matter of personal preference. It's okay for you to think that your way is great, but that is no reason to say that this Windows utility is not on equal footing. It's easier and does a better job, from where I'm standing, but try it for yourself, if you want. Just don't knock it until you try it.
    Last edited by itPro; June 4th, 2008 at 12:25 AM.

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Debate about Data Recovery after Format.
    By helloworid in forum Newbie Security Questions
    Replies: 10
    Last Post: April 30th, 2004, 08:27 PM
  3. Low Level Format
    By Death_Knight in forum Hardware
    Replies: 17
    Last Post: January 2nd, 2004, 04:00 AM
  4. how do i low level format?
    By hexadecimal in forum AntiOnline's General Chit Chat
    Replies: 7
    Last Post: June 14th, 2003, 07:51 PM
  5. Batch File Tut
    By Badassatchu in forum Non-Security Archives
    Replies: 1
    Last Post: November 23rd, 2001, 11:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •